jonas/tlu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2c36f06963
tlu/salt/states/rancher/certs.sls
jonas c99563ec7e added rancher
2021-11-05 16:06:45 +01:00

81 lines
2.3 KiB
Plaintext
Raw Blame History

Create the ca cnf file:
file.managed:
- name: /etc/rancher/ssl/rancher-ca.cnf
- source: salt://rancher/files/rancher-ca.cnf
- user: root
- group: root
- makedirs: True
- mode: "0600"
- dir_mode: "0755"
Create rancher CA key:
x509.private_key_managed:
- name: /etc/rancher/ssl/rancher-ca.key
- passphrase: {{ pillar['rancher']['ca_passphrase'] }}
- bits: 2048
- owner: root
- group: root
- mode: "0600"
Create rancher CA certificate:
cmd.run:
- name: openssl req -config rancher-ca.cnf -key rancher-ca.key -new -x509 -days 3650 -sha256 -out rancher-ca.crt -passin pass:{{ pillar['rancher']['ca_passphrase'] }}
- cwd: /etc/rancher/ssl
- onchanges:
- file: Create the ca cnf file
Create rancher-server key:
x509.private_key_managed:
- name: /etc/rancher/ssl/rancher-server.key
- bits: 2048
- owner: root
- group: root
- mode: "0600"
Create the server cnf file:
file.managed:
- name: /etc/rancher/ssl/rancher-server.cnf
- source: salt://rancher/files/rancher-server.cnf.jinja
- template: jinja
- user: root
- group: root
- mode: "0600"
Create the rancher-server signing request:
cmd.run:
- name: openssl req -new -key rancher-server.key -config rancher-server.cnf -out rancher-server.csr
- cwd: /etc/rancher/ssl
- onchanges:
- file: Create the server cnf file
Set permission on rancher-server singing request:
file.managed:
- name: /etc/rancher/ssl/rancher-server.csr
- replace: False
- user: root
- group: root
- mode: "0600"
Create the rancher-server certificate:
cmd.run:
- name: openssl x509 -req -in rancher-server.csr -CA rancher-ca.crt -CAkey rancher-ca.key -CAcreateserial -out rancher-server.crt -days 3650 -sha256 -passin pass:{{ pillar['rancher']['ca_passphrase'] }}
- cwd: /etc/rancher/ssl
- onchanges:
- cmd: Create the rancher-server signing request
Set permission on rancher-server certificate:
file.managed:
- name: /etc/rancher/ssl/rancher-server.crt
- replace: False
- user: root
- group: root
- mode: "0600"
Set permission on rancher CA serial:
file.managed:
- name: /etc/rancher/ssl/rancher-ca.srl
- replace: False
- user: root
- group: root
- mode: "0600"
Reference in New Issue View Git Blame Copy Permalink